The reliability of self-identifying chips has become a necessity in contemporary security and encryption applications. Global Semiconductor Alliance (GSA) describes in “Hardware Intrinsic Security: Fabless Perception and Awareness Study” a need in the semiconductor industry for a secret key storage, wherein the cost is the top barrier that requires to be addressed to increase the adoption of a secret key storage and hardware intrinsic security. Moreover, the unique identification of a specific device is a dominant reason given by practitioners for adopting the secret key storage. Clearly, according to respondents to GSA, generally fabless semiconductor design companies, there is a critical need for a cost-effective solution to internal and external IC clients that provides chip authentication and identification with minimal design and area overhead. The solution should require a minimum amount of additional circuitry or mask levels on the chip, have no impact on yield, and be adaptable to a broad range of products.
Authentication of integrated circuits (ICs) includes physical unclonable functions (PUFs) that use wire path delays (possibly compensated to account for varying temperature/voltage operating conditions), error correction, control modules limiting access to PUFs, random hashing to obfuscate a true PUF input/output relationship, multiple feedback loops through the PUF to increase the response complexity, or PUFs which responses change when a varying clock period is applied.
When identifying devices using physically unclonable functions, the generation of a response to the PUF that uniquely represents the identity of the device includes a device having a memory that extends to the hardware and software and which requires the use of a memory response as a hardware-intrinsic identification for the device. The manufacture and use of SRAMs, latches and FPGAs (for their use of contention between logic gates under certain operating conditions) may have varying characteristics that uniquely distinguish each device from a group.
Systems providing an IC chip with a unique identification may include a block in a chip that can be used for unique identification of the chip. The chip must then include a plurality of identification cells formed within the IC that generates the response as a function of random parametric variations in the cells. It may further expand to cells that include at least one transistor, the mismatch of two transistors, varying types of cells, or values stored on cells that may be read out as a sequence of bits.
While the concept of chip identification circuits in the presence of process variations introduces adjustment of voltage to tune the Hamming distance (i.e., the number of logic 1's in an ID string) of the generated ID to a desirable value, repeated testing of the ID within a single generation cycle can increase the ID stability to ensure that the ID generated at one time can be read out thereafter without difficulty or changing bits.
Although the aforementioned ID solutions theoretically allow for the generation of intrinsic IDs, there is a risk that the generated bits include unstable bits which may change over time, giving rise to the possibility of failing to identify the correct chip, or incorrectly identifying it. There is a further possibility to generate the same ID vectors for multiple chips, particularly when the vector bit string length is short. Increasing the vector length reduces the chance of having the same ID for multiple chips, but it increases the system overhead to manage long vector patterns for recognition. In addition, even if the chip uniquely generates a unique intrinsic ID within a chip, there is a risk that the ID may be copied illegally during the ID read operation. Having longer ID vectors reduces the risk, albeit, at the cost of an increase of complexity of the vector management and system overhead. The key for intrinsic electronic chip identification is to generate a reliable and unique ID generation, for example, for more than one million parts. This requires a stable ID generation and verification to be defined correctly for only one chip without misidentifying the ID with others. In addition to the ID generation challenge, the ID read must be sufficiently secure in order not to be stolen during an ID readout.
FIG. 1a illustrates a prior art dynamic random access memory array (DRAM), consisting of a plurality of one transistor and one capacitor cell (101) arranged in a two dimensional matrix. The DRAM array 100 is supported by a wordline (WL) and bitline (BL), each WL supporting a plurality of cells coupled to either an even BL (BLe's) or to an odd BL (BLo's). This permits creating a BL pair using BLe's and BLo's for a differential sensing scheme. Prior to the memory access, all the BLs are precharged to a BL precharge voltage (VPRE). VPRE is preferably set at half the voltage between 0 and 1 voltage stored in the cell. By way of example, it is assumed that the cell stores 0v for a 0, and VDD for a 1, and VPRE set at ½ VDD for a ½ VDD sensing scheme. When WL rises, cells coupled to the corresponding WL are simultaneously activated, coupling the capacitors in the selected cells to the corresponding BLs (i.e., BLe's). This results in a charge sharing between the cell capacitor and the BL capacitor. Other BLs (i.e. BLo's) remain at the VPRE (½VDD) level, creating a differential voltage (delta SA) between each BL pair. Delta SA on the BLs is then amplified to the full CMOS level and latched by sense amplifiers (SAs) (102). For a ‘0’ reading, BLe is lower than BLo, allowing BLe and BLo to go low and high, respectively. For a ‘1’ reading, BLe is higher than BLo, allowing BLe and BLo to go high and low, respectively, and allowing the cells to restore the fully amplified BL voltage to be written to the corresponding cells. A write mode is enabled by activating WL, allowing the cells coupling the corresponding WL to be written through the BLs (i.e., BLe's). The voltage written to the cells are maintained by capacitors as a dynamic random access memory. The capacitive charge for a ‘1’ data (or VDD) can be leaked as a pause (retention pause time) goes by, resulting in a ‘1’ fail, (retention fail) for the address (failing memory address) corresponding to the leaky fail. To increase the retention time, a WL driver (106) may preferably use a negative voltage (VWL) to reduce the sub-threshold current of the cell (101). The intrinsic chip identification used preferably in the invention will be shown employing the retention behavior with VWL control to create a controllable random binary vector, the details of which will be discussed hereinafter in a preferred embodiment.
Referring to FIG. 2a, a prior art static random access memory cell and supporting circuitry are shown, preferably consisting of a six transistor SRAM cell (201) consisting of cross-coupled inverters (230 and 231) and two access transistors (232 and 233) intended to be arranged in proximity to a plurality of similar six transistor SRAM cells in a two dimensional matrix. Cells are coupled to a wordline (WL) (205) and a bitline (BL) pair (211 and 212). The memory access of the SRAM is enabled by activating the WL enable signal (203). This sets the WL (205) high, coupling the cross-coupled nodes (214 and 215) to the bitlines (211 and 212) through the access transistors (232 and 233). Prior to the WL activation, a bitline equalization enable signal (207) goes low, disabling the BL equalization devices (209), resulting in creating a differential voltage on the BL pair. The differential voltage on the BL pair is converted to a digital binary output using the sense amplifier (SA) (213). As will be shown hereinafter the intrinsic ID generation used in the present invention preferably activates the WL while enabling the equalizer, which results in an abnormal condition, generating a random binary string, the details of which will be discussed hereinafter in preferred embodiments.